
Cybersecurity: Step One is Collaboration

Issue 3 and Volume 121.

by Robynn Andracsek, P.E., Burns & McDonnell and contributing editor

Cybersecurity affects many aspects of our society, but perhaps none as significantly as power generation. The daily life of most Americans depends on access to stable and reliable electricity, to the point where uninterruptible power backs up critical infrastructure, such as hospitals and data centers, in order to avoid the slightest electricity interruption. Historically, weather-related events and equipment failures were the most common causes of power interruption; however, times are changing.

When viewed from a national perspective, cybersecurity presents the greatest risk today to power producers. The first step towards mitigating this threat is collaborating with experts such as those at the National Cyber-Forensics & Training Alliance (NCFTA) in Pittsburgh, Pennsylvania. NCFTA is a unique entity in that it is an independent, nonprofit organization that is not part of the Federal Bureau of Investigation (FBI) or the private sector. NCFTA works with these groups in order to share intelligence about cybersecurity.

Cybersecurity represents a threat to more than one sector of our society. As companies and systems switch to online access and cloud storage of information, the exposure to cyber threats increases. Who hasn’t had a bank card or website account compromised by information theft? However, the stakes are higher when it comes to specific threats targeting energy production.

Cybercrime cannot be solved by a single organization. The Cyber Initiative and Resource Fusion Unit (CIRFU) of the FBI works with NCFTA. Cybercrime is different from other types of crime such as bank robbery because it takes place in virtual spaces. It is with the help of the private sector that the FBI can find cyber criminals and help keep individual networks safe. The FBI seeks the people behind the attacks in order to prosecute them. CIRFU serves as a bridge between the targets of cybercrime (such as utilities) and the government.

Supervisory Special Agent Thomas Grasso of CIRFU recommends that utilities proactively take the following steps:

  • Establish contacts with the local FBI Cyber Action Team and maintain up-to-date phone and email information for them. In the middle of an incident it is imperative to be able to quickly reach skilled assistance.
  • Keep the lines of communication open by sharing information between yourself, the FBI, and other private companies. Stay informed on the latest threats since an attack that occurs at one utility might quickly be tried at another.
  • Establish an incident response plan, then proactively and regularly test this plan. An out-of-date plan provides no protection and can hinder reactions during an event.
  • Join your local InfraGard chapter.

InfraGard is another partnership between the FBI and the private sector comprised of vetted representatives from businesses representing our nation’s critical infrastructure. According to Special Agent Ronda Schell, Kansas City Division InfraGard Coordinator, “The partnership is a mechanism for law enforcement and the private sector to share information and intelligence in a secure manner. Meetings and briefings are held periodically throughout the year providing an opportunity to discuss threats and matters which could affect their specific companies.” InfraGard is comprised of 84 chapters and more than 54,000 members nationwide representing critical infrastructures such as utilities, banking, healthcare, railroads, and chemical manufacturing. For more information regarding InfraGard and membership visit www.infragard.org.

Cybersecurity threats are evolving. Ten to 15 years ago, hackers demonstrated proficiency in order to establish street cred. Now, hackers are more likely to engage in cybercrime for profit. Across the board, cyber criminals look to make money by stealing information that they can then sell. These attackers seek new information storage and access points to exploit. A low-priority system might provide a way into a network that could be linked to sensitive controls. In fact, many systems might be online unbeknownst to the company’s cybersecurity team. Management-of-change plans are needed to communicate when new systems are moved to online access, so that internal security specialists can analyze any risk in advance.

Cyber criminals are experts at collaborating amongst themselves and training new members. The guardians of the electric grid need to be just as good at sharing information. The good news is that with the help of partnerships like InfraGard and NCFTA, the private sector is catching up.